CVE-2024-40586

MEDIUM

FortiClient <7.4.0 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-40586. PoCs published by Hagrid29.

AI-analyzed exploit summary The repository contains a functional PoC for CVE-2024-40586, demonstrating coerced authentication in FortiClient via a named pipe. The exploit sends a crafted payload to trigger a file read operation with SYSTEM privileges, enabling remote authentication coercion or local privilege escalation.

Description

An Improper Access Control vulnerability [CWE-284] in FortiClient Windows version 7.4.0, version 7.2.6 and below, version 7.0.13 and below may allow a local user to escalate his privileges via FortiSSLVPNd service pipe.

Exploits (1)

nomisec WORKING POC 1 stars
by Hagrid29 · poc
https://github.com/Hagrid29/CVE-2024-40586-Windows-Coerced-Authentication-in-FortiClient

The repository contains a functional PoC for CVE-2024-40586, demonstrating coerced authentication in FortiClient via a named pipe. The exploit sends a crafted payload to trigger a file read operation with SYSTEM privileges, enabling remote authentication coercion or local privilege escalation.

Classification
Working Poc 95%
Attack Type
Other
Complexity
Moderate
Reliability
Reliable
Target: FortiClient 7.0.8.0427
No auth needed
Prerequisites: Access to the vulnerable named pipe · Network connectivity to the target
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

CVSS v3 6.7
EPSS 0.0023
EPSS Percentile 13.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-284
Status published
Products (2)
fortinet/forticlient 7.4.0
fortinet/forticlient 7.0.3 - 7.0.14
Published Feb 11, 2025
Tracked Since Feb 18, 2026